npm - @economic/agents - Versions diffs - 1.8.1 → 2.0.0 - Mend

@economic/agents 1.8.1 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index-DzOC3mNl.d.mts +18 -0
package/dist/index.d.mts +1 -16
package/dist/index.mjs +1 -365
package/dist/telemetry-a-1XBTxr.mjs +372 -0
package/dist/v2.d.mts +164 -0
package/dist/v2.mjs +523 -0
package/package.json +11 -7

package/dist/index-DzOC3mNl.d.mts ADDED Viewed

@@ -0,0 +1,18 @@
+import { JWTPayload } from "jose";
+//#region src/server/shared/features/auth/index.d.ts
+interface JwtAuthConfig<TClaims extends Record<string, unknown> = Record<string, unknown>> {
+  /** Issuers whose tokens are accepted (exact string or RegExp). */
+  allowedIssuers: readonly (string | RegExp)[];
+  /** Expected `aud` claim. */
+  audience: string;
+  /** Required OAuth scopes; token `scope` must include all (empty = no scope check). */
+  requiredScopes?: readonly string[];
+  /**
+   * Extract the claims you need from the verified JWT payload.
+   * These will be stored and made available in the agent's tool context.
+   */
+  getClaims: (payload: JWTPayload) => TClaims;
+}
+//#endregion
+export { JwtAuthConfig as t };

package/dist/index.d.mts CHANGED Viewed

@@ -1,7 +1,7 @@
+import { t as JwtAuthConfig } from "./index-DzOC3mNl.mjs";
 import { LanguageModel, StreamTextOnFinishCallback, ToolSet, UIMessage, generateText, streamText } from "ai";
 import { Agent as Agent$1, AgentOptions, Connection, ConnectionContext } from "agents";
 import { AIChatAgent, ChatResponseResult, OnChatMessageOptions } from "@cloudflare/ai-chat";
-import { JWTPayload } from "jose";
 //#region src/server/shared/features/skills/index.d.ts
 /**
@@ -69,21 +69,6 @@ interface ChatAgentEnv extends AgentEnv {}
 //#region src/server/v1/route-agent-request.d.ts
 declare function routeAgentRequest<Env>(request: Request, env: Env, options?: AgentOptions<Env>): Promise<Response | null>;
 //#endregion
-//#region src/server/shared/features/auth/index.d.ts
-interface JwtAuthConfig<TClaims extends Record<string, unknown> = Record<string, unknown>> {
-  /** Issuers whose tokens are accepted (exact string or RegExp). */
-  allowedIssuers: readonly (string | RegExp)[];
-  /** Expected `aud` claim. */
-  audience: string;
-  /** Required OAuth scopes; token `scope` must include all (empty = no scope check). */
-  requiredScopes?: readonly string[];
-  /**
-   * Extract the claims you need from the verified JWT payload.
-   * These will be stored and made available in the agent's tool context.
-   */
-  getClaims: (payload: JWTPayload) => TClaims;
-}
-//#endregion
 //#region src/server/v1/agent/Agent.d.ts
 /**
  * Base agent for Cloudflare Agents SDK Durable Objects with lazy skill loading

package/dist/index.mjs CHANGED Viewed

@@ -1,8 +1,7 @@
+import { n as extractTokenFromConnectRequest, r as verifyJwt, t as createAgentTracer } from "./telemetry-a-1XBTxr.mjs";
 import { Output, convertToModelMessages, generateText, jsonSchema, stepCountIs, streamText, tool } from "ai";
 import { Agent as Agent$1, callable, getCurrentAgent, routeAgentRequest as routeAgentRequest$1 } from "agents";
 import { AIChatAgent } from "@cloudflare/ai-chat";
-import { createRemoteJWKSet, decodeJwt, errors, jwtVerify } from "jose";
-import { BasicTracerProvider, SimpleSpanProcessor } from "@opentelemetry/sdk-trace-base";
 //#region src/server/shared/features/skills/index.ts
 const TOOL_NAME_ACTIVATE_SKILL = "activate_skill";
 const TOOL_NAME_LIST_CAPABILITIES = "list_capabilities";
@@ -270,369 +269,6 @@ async function routeAgentRequest(request, env, options) {
 	return response;
 }
 //#endregion
-//#region src/server/shared/features/auth/index.ts
-const jwksByIssuer = /* @__PURE__ */ new Map();
-function getJwksForIssuer(issuer) {
-	const normalized = issuer.replace(/\/$/, "");
-	let jwks = jwksByIssuer.get(normalized);
-	if (!jwks) {
-		jwks = createRemoteJWKSet(new URL(`${normalized}/.well-known/openid-configuration/jwks`));
-		jwksByIssuer.set(normalized, jwks);
-	}
-	return jwks;
-}
-function isIssuerAllowed(iss, allowed) {
-	return allowed.some((rule) => typeof rule === "string" ? rule === iss : rule.test(iss));
-}
-function extractTokenFromConnectRequest(request) {
-	const authorization = request.headers.get("Authorization");
-	if (authorization) {
-		const match = authorization.match(/^Bearer\s+(.+)$/i);
-		if (match?.[1]) return match[1].trim();
-	}
-	const wsProtocol = request.headers.get("Sec-WebSocket-Protocol");
-	if (wsProtocol) {
-		const parts = wsProtocol.split(",").map((p) => p.trim());
-		const idx = parts.indexOf("bearer");
-		if (idx !== -1 && parts[idx + 1]) return parts[idx + 1];
-	}
-	return null;
-}
-function hasRequiredScopes(tokenScope, required) {
-	if (required.length === 0) return true;
-	if (tokenScope === void 0) return false;
-	const tokens = Array.isArray(tokenScope) ? tokenScope : tokenScope.split(" ").map((s) => s.trim()).filter(Boolean);
-	const granted = new Set(tokens);
-	return required.every((scope) => granted.has(scope));
-}
-/**
-* Verify a JWT from a request and extract claims.
-*
-* Extracts the token from `Authorization: Bearer` header first,
-* then falls back to `Sec-WebSocket-Protocol: bearer, <token>` for WebSocket connections.
-*
-* Expected auth failures (missing/expired token, insufficient scope) return a failure result.
-* Unexpected errors (network issues, malformed requests, untrusted issuers) throw and should
-* be caught and logged by the caller.
-*
-* @param request - The incoming request (from ConnectionContext)
-* @param config - JWT verification configuration
-* @returns Result object with either verified claims or expected auth failure
-* @throws Error for unexpected failures that should be logged
-*/
-async function verifyJwt(request, config) {
-	const token = extractTokenFromConnectRequest(request);
-	if (!token) return {
-		success: false,
-		status: 401,
-		message: "Unauthorized: Missing authentication token"
-	};
-	let unverifiedPayload;
-	try {
-		unverifiedPayload = decodeJwt(token);
-	} catch {
-		throw new Error("Invalid token format");
-	}
-	const iss = typeof unverifiedPayload.iss === "string" ? unverifiedPayload.iss : void 0;
-	if (!iss) throw new Error("Missing issuer claim in token");
-	if (!isIssuerAllowed(iss, config.allowedIssuers)) throw new Error(`Untrusted issuer: ${iss}`);
-	const jwks = getJwksForIssuer(iss);
-	let payload;
-	try {
-		payload = (await jwtVerify(token, jwks, {
-			issuer: iss,
-			audience: config.audience
-		})).payload;
-	} catch (error) {
-		if (error instanceof errors.JWTExpired) return {
-			success: false,
-			status: 401,
-			message: "Unauthorized: Token expired"
-		};
-		if (error instanceof errors.JWTClaimValidationFailed) return {
-			success: false,
-			status: 401,
-			message: "Unauthorized: Token claim validation failed"
-		};
-		if (error instanceof errors.JWSSignatureVerificationFailed || error instanceof errors.JWKSNoMatchingKey) throw new Error("Invalid token signature");
-		throw error;
-	}
-	const requiredScopes = config.requiredScopes ?? [];
-	const scopeClaim = payload.scope;
-	if (!hasRequiredScopes(scopeClaim, requiredScopes)) return {
-		success: false,
-		status: 403,
-		message: "Forbidden: Insufficient scope"
-	};
-	return {
-		success: true,
-		claims: config.getClaims(payload)
-	};
-}
-//#endregion
-//#region src/server/shared/features/telemetry/index.ts
-function durationMs(duration) {
-	return duration[0] * 1e3 + duration[1] / 1e6;
-}
-function stringAttribute(span, key) {
-	const value = span.attributes[key];
-	return typeof value === "string" ? value : void 0;
-}
-function numberAttribute(span, key) {
-	const value = span.attributes[key];
-	return typeof value === "number" ? value : void 0;
-}
-function parseJson(value) {
-	if (!value) return;
-	try {
-		return JSON.parse(value);
-	} catch {
-		return;
-	}
-}
-function safePathSegment(value, fallback) {
-	return (value || fallback).replace(/[^a-zA-Z0-9._-]/g, "_");
-}
-function createAuditLogKey(agentName, conversationId) {
-	const timestamp = (/* @__PURE__ */ new Date()).toISOString().replaceAll(":", "-");
-	const id = crypto.randomUUID().slice(0, 8);
-	return [
-		safePathSegment(agentName, "unknown-agent"),
-		safePathSegment(conversationId, "unknown-conversation"),
-		`${timestamp}-${id}.json`
-	].join("/");
-}
-function textFromContent(content) {
-	if (typeof content === "string") return content;
-	if (Array.isArray(content)) return content.map((part) => {
-		if (!part || typeof part !== "object") return "";
-		const value = part.text;
-		return typeof value === "string" ? value : "";
-	}).filter(Boolean).join("\n");
-	return "";
-}
-function extractPrompt(messages) {
-	const firstUserMessage = messages.find((message) => message.role === "user");
-	return firstUserMessage ? textFromContent(firstUserMessage.content) : "";
-}
-function promptCharCount(messages) {
-	const firstUserMessage = messages.find((message) => message.role === "user");
-	return firstUserMessage ? textFromContent(firstUserMessage.content).length : 0;
-}
-function extractTools(messages) {
-	const tools = [];
-	for (const message of messages) {
-		if (message.role !== "assistant" || !Array.isArray(message.content)) continue;
-		for (const part of message.content) {
-			if (!part || typeof part !== "object") continue;
-			const record = part;
-			if (record.type !== "tool_use") continue;
-			tools.push({
-				name: typeof record.name === "string" ? record.name : void 0,
-				input: record.input,
-				status: "success"
-			});
-		}
-	}
-	return tools;
-}
-/**
-* Stores the last ai.streamText.doStream span per conversation.
-* Its ai.prompt.messages contains the full conversation history including all
-* intermediate tool_use + tool_result turns from the agentic loop.
-*/
-const lastDoStreamByConversation = /* @__PURE__ */ new Map();
-const toolCallsByParentSpan = /* @__PURE__ */ new Map();
-const toolCallsByConversation = /* @__PURE__ */ new Map();
-const pendingToolCalls = [];
-const currentSkillByConversation = /* @__PURE__ */ new Map();
-function userIndex(userId) {
-	return userId;
-}
-function extractSkillName(toolName, input) {
-	if (!input || typeof input !== "object") return;
-	const record = input;
-	if (toolName === "load_context") {
-		const key = record.key;
-		return typeof key === "string" ? key : void 0;
-	}
-	if (toolName === "activate_skill") {
-		const skill = record.skill ?? record.name ?? record.key;
-		return typeof skill === "string" ? skill : void 0;
-	}
-}
-function pushToolCall(map, key, toolCall) {
-	const existing = map.get(key);
-	if (existing) existing.push(toolCall);
-	else map.set(key, [toolCall]);
-}
-function rememberToolCall(span) {
-	const parentSpanId = span.parentSpanContext?.spanId;
-	const toolName = stringAttribute(span, "ai.toolCall.name");
-	const input = parseJson(stringAttribute(span, "ai.toolCall.args"));
-	const toolCall = {
-		name: toolName,
-		input,
-		status: span.status.code === 0 ? "success" : "error",
-		skillName: extractSkillName(toolName, input)
-	};
-	if (parentSpanId) pushToolCall(toolCallsByParentSpan, parentSpanId, toolCall);
-	pendingToolCalls.push(toolCall);
-}
-function attachToolCallsToConversation(span, conversationId) {
-	const spanId = span.spanContext().spanId;
-	const toolCalls = toolCallsByParentSpan.get(spanId) ?? pendingToolCalls.splice(0);
-	if (!toolCalls.length) return;
-	toolCallsByParentSpan.delete(spanId);
-	const currentSkill = currentSkillByConversation.get(conversationId);
-	const attributedToolCalls = toolCalls.map((toolCall) => {
-		const skillName = toolCall.skillName ?? currentSkill;
-		if (toolCall.skillName) currentSkillByConversation.set(conversationId, toolCall.skillName);
-		return {
-			...toolCall,
-			...skillName ? { skillName } : {}
-		};
-	});
-	toolCallsByConversation.set(conversationId, [...toolCallsByConversation.get(conversationId) ?? [], ...attributedToolCalls]);
-}
-function buildAuditLog(span, context) {
-	const lastDoStream = lastDoStreamByConversation.get(context.conversationId);
-	lastDoStreamByConversation.delete(context.conversationId);
-	const promptMessages = parseJson(stringAttribute(lastDoStream ?? span, "ai.prompt.messages"));
-	const fallbackPrompt = parseJson(stringAttribute(span, "ai.prompt"));
-	const inputMessages = promptMessages ?? fallbackPrompt?.messages ?? [];
-	const spanToolCalls = toolCallsByConversation.get(context.conversationId) ?? [];
-	toolCallsByConversation.delete(context.conversationId);
-	return {
-		id: createAuditLogKey(context.agentName, context.conversationId),
-		timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-		conversationId: context.conversationId,
-		agent: {
-			name: context.agentName,
-			llm: {
-				model: stringAttribute(span, "ai.model.id"),
-				provider: stringAttribute(span, "ai.model.provider")
-			}
-		},
-		actor: {
-			userId: context.userId,
-			ip: {
-				client: context.clientIp ?? context.forwardedFor?.split(",").map((ip) => ip.trim()).filter(Boolean)[0],
-				forwardedFor: context.forwardedFor?.split(",").map((ip) => ip.trim()).filter(Boolean) ?? []
-			}
-		},
-		prompt: extractPrompt(inputMessages),
-		response: stringAttribute(span, "ai.response.text") ?? "",
-		status: span.status.code === 0 ? "success" : "error",
-		tools: [...extractTools(inputMessages), ...spanToolCalls]
-	};
-}
-async function handleAuditSpan(span, auditLogs, context) {
-	const auditLog = buildAuditLog(span, context);
-	if (!auditLogs) return;
-	await auditLogs.put(auditLog.id, JSON.stringify(auditLog, null, 2), { httpMetadata: { contentType: "application/json" } });
-	console.log("[AuditLog] Created", auditLog.id);
-}
-function writeAnalyticsDatapoint(analytics, dataPoint) {
-	if (!analytics) return;
-	try {
-		analytics.writeDataPoint(dataPoint);
-	} catch (error) {
-		console.error("[Agent] Failed to write analytics datapoint", error);
-	}
-}
-function handleAnalyticsSpan(span, analytics) {
-	if (span.name === "ai.streamText.doStream") {
-		const promptMessages = parseJson(stringAttribute(span, "ai.prompt.messages"));
-		const responseText = stringAttribute(span, "ai.response.text") ?? "";
-		writeAnalyticsDatapoint(analytics, {
-			indexes: [userIndex(stringAttribute(span, "ai.telemetry.metadata.userId") ?? "")],
-			blobs: [
-				"llm_call",
-				stringAttribute(span, "ai.telemetry.metadata.agentName") ?? "",
-				stringAttribute(span, "ai.telemetry.metadata.conversationId") ?? "",
-				stringAttribute(span, "ai.model.id") ?? "",
-				stringAttribute(span, "ai.model.provider") ?? "",
-				stringAttribute(span, "ai.response.finishReason") ?? ""
-			],
-			doubles: [
-				numberAttribute(span, "ai.usage.inputTokens") ?? 0,
-				numberAttribute(span, "ai.usage.outputTokens") ?? 0,
-				numberAttribute(span, "ai.usage.totalTokens") ?? 0,
-				numberAttribute(span, "ai.usage.inputTokenDetails.cacheReadTokens") ?? 0,
-				numberAttribute(span, "ai.usage.inputTokenDetails.cacheWriteTokens") ?? 0,
-				durationMs(span.duration),
-				promptCharCount(promptMessages ?? []),
-				responseText.length
-			]
-		});
-		return;
-	}
-	if (span.name === "ai.toolCall") {
-		const toolName = stringAttribute(span, "ai.toolCall.name");
-		const toolInput = parseJson(stringAttribute(span, "ai.toolCall.args"));
-		const conversationId = stringAttribute(span, "ai.telemetry.metadata.conversationId") ?? "";
-		const skillName = extractSkillName(toolName, toolInput) ?? currentSkillByConversation.get(conversationId) ?? "";
-		const success = span.status.code === 0;
-		writeAnalyticsDatapoint(analytics, {
-			indexes: [userIndex(stringAttribute(span, "ai.telemetry.metadata.userId") ?? "")],
-			blobs: [
-				"tool_call",
-				stringAttribute(span, "ai.telemetry.metadata.agentName") ?? "",
-				conversationId,
-				toolName ?? "",
-				skillName,
-				success ? "success" : "error"
-			],
-			doubles: [
-				durationMs(span.duration),
-				success ? 1 : 0,
-				0,
-				0,
-				0,
-				0,
-				0,
-				0
-			]
-		});
-	}
-}
-var AgentSpanExporter = class {
-	auditLogs;
-	analytics;
-	context;
-	constructor(auditLogs, analytics, context) {
-		this.auditLogs = auditLogs;
-		this.analytics = analytics;
-		this.context = context;
-	}
-	export(spans, resultCallback) {
-		(async () => {
-			try {
-				for (const span of spans) if (span.name === "ai.streamText.doStream") {
-					lastDoStreamByConversation.set(this.context.conversationId, span);
-					attachToolCallsToConversation(span, this.context.conversationId);
-					handleAnalyticsSpan(span, this.analytics);
-				} else if (span.name === "ai.streamText") await handleAuditSpan(span, this.auditLogs, this.context);
-				else if (span.name === "ai.toolCall") {
-					rememberToolCall(span);
-					handleAnalyticsSpan(span, this.analytics);
-				}
-				resultCallback({ code: 0 });
-			} catch (error) {
-				resultCallback({
-					code: 1,
-					error: error instanceof Error ? error : new Error(String(error))
-				});
-			}
-		})();
-	}
-	async shutdown() {}
-};
-function createAgentTracer(auditLogs, analytics, context) {
-	return new BasicTracerProvider({ spanProcessors: [new SimpleSpanProcessor(new AgentSpanExporter(auditLogs, analytics, context))] }).getTracer("@economic/agents");
-}
-//#endregion
 //#region src/server/v1/agent/Agent.ts
 /**
 * Base agent for Cloudflare Agents SDK Durable Objects with lazy skill loading